Protecting Patient Privacy: It's Everyone's Responsibility
Observation & Student Learning Packet
Instructions for Self-Study Module
1. Read packet.
2. Complete post-test. A score of 80% must be achieved. If a score of 80% is not achieved, you will be notified by your Facilitator and given the opportunity to review the material and retake the test.
3. Return the post-test to your Human Resources contact.
Protecting Patient Privacy
Objectives:
- Identify requirements of the HIPAA regulations for uses and disclosures of personal health information
- Define personal health information
- Emphasize the importance of privacy
- Identify examples of how we protect privacy
- Identify patient rights according to HIPAA regulations
What is HIPAA?
HIPAA stands for the Health Insurance Portability and Accountability Act of 1996.
HIPAA is a federal law which:
- Regulates and sets standards for protecting patient privacy and confidentiality of patient health information
- Describes how we may use and disclose health information
- Expands patients' rights regarding their health information
- Includes penalties for privacy violations
Why do we need training?
- We are all responsible for protecting the privacy and confidentiality of patient information.
- In order to fulfill your responsibility, you need to understand the requirements of HIPAA.
- Regulations require that the entire workforce receive training.
- Aultman is committed to complying with these regulations regarding patient privacy.
Why is patient privacy important to us?
- Patients are concerned:
  - Patients are aware we share their health information in the course of treatment.
  - Patients and the community expect us to protect their health information.
  - There is growing concern about identity theft.
- If we don't protect their health information:
  - Quality of care can be compromised
  - Loss of community reputation
- We have an ethical and moral obligation to protect patient health information.
What information is considered private?
Protected Health Information (PHI): any information generated in the course of treating a patient that may allow identification of an individual.
- Relates to past, present, or future physical or mental conditions
- Examples: name, address, birth date, admission date, social security number, diagnosis, test results
How do we protect patient information?
HIPAA regulations provide standards to protect health information.
Minimum Necessary Standard: "Need to Know" standard
- Only access information needed to do your job
  - Example: Nursing personnel should not be looking up family or friends' test results
- Only disclose information that someone else needs to do their job
  - Example: when making a referral, only disclose information requested for the referral, nothing extra
Safeguarding patient information
- If using a computer, use your individual password; no sharing or posting passwords
- Discuss patient information privately:
  - Pull curtains between patients
  - Speak in low tones
  - Do not discuss PHI in elevators, cafeteria, etc.
- Secure charts and forms
  - Unauthorized personnel should not be viewing medical records
- Use shredding containers
  - Place all paper containing PHI in shred containers
Safeguarding patient information
- Shield computers
  - If in a high traffic area, turn screen away from the traffic flow
- Follow Aultman's policies and procedures regarding privacy
- Do not remove patient information from the facilities
  - For example, report sheets or any portion of the medical record
Safeguarding Patient Privacy: Social Communications
- Do not discuss patient information
- Remember, once posted, your comments are in the public domain
Important HIPAA Topics
- How we use and disclose health information
- Patient Directory options
- Friends and Family Standard
- Employee confidentiality
- Patient Rights
- Privacy Compliance
- Notice of Privacy Practices
Patient Directory
- Listing of admitted, ER, Same Day Surgery patients
- One-word condition (guarded or satisfactory) and location (room number) available to callers who request information by patient name
- Patient may choose to be included in the Directory or opt out and be excluded
- If patient opts out of directory, no information is disclosed to general public, and no flowers or mail will be delivered
- Aultman's term is Do Not Publish (DNP)
Family and Friends
- Common to have family and/or friends involved in care
  - Should be actively participating in the care of the patient, not just a nosy neighbor
- Obtain approval from patient before sharing PHI
  - Oral or written approval is acceptable and should be documented in medical record
  - Patient may change his mind at any time
- The staff must use professional judgment when patient is unconscious or incapacitated
  - Utilize Minimum Necessary Standard
  - Obtain approval when patient is able
- When in doubt, do not disclose information
  - Ask patient
  - Ask manager
Maintaining Confidentiality Among Employees
- Unless medically necessary, sharing information about a patient with another employee is not permitted
- Interesting patient stories are not to be discussed
- No gossiping about patients and their families
- You are not permitted to discuss specific patient information with your parents, teachers or friends
Maintaining Confidentiality Among Employees
- Employees admitted as patients have the right to have their patient information kept confidential
  - Do not look up information available on computer systems that is not part of your job function
  - Do not call hospital units and inquire about their condition
- Employees should not look up their own test results or test results of family/friends
Breaches
A breach is an inappropriate access or use of PHI.
- Test results sent to wrong patient
- Lost or stolen laptop
- Snooping
When a breach occurs, Aultman must:
- Notify the patient of the breach
- Notify the Department of Health and Human Services
- Notify the media if the breach involves more than 500 patients
Patient Rights: Access and Amendment
- Patients have the right to request a copy and inspect most of their health information we maintain
  - Medical Records Department will process Access requests
- Patients have the right to request that their health information be amended (changed)
  - Medical Records handles these requests
  - Original information will be amended, not deleted
  - Amendments will be determined by the originator of the information, i.e. physician or nurse
Patient Rights: Accounting and Restrictions
- Patients have the right to request an accounting of many of the disclosures we make of their PHI
  - The hospital will have to provide a list of everyone to whom we have disclosed a patient's PHI
- Patients have the right to request certain restrictions on their PHI
  - Example: patient may request their insurance not be billed for a procedure and pay with cash instead
Additional Patient Rights
- Patients have the right to file a complaint
  - With Patient Relations
  - With the Department of Health and Human Services in Washington D.C.
  - The hospital is not permitted to retaliate against patients who file a complaint
- Patients have the right to request to receive communications from us by alternative means or at alternative locations
  - Send the bill to a certain address
  - Call a certain cellular number instead of the patient's home
- Aultman does not have to agree to unreasonable restriction requests
Right to Notice of Privacy Practices (NPP)
- Patients must be offered written Notice of Privacy Practices with first contact after 4/14/03
- The Notice of Privacy Practices informs the patient of how Aultman will use and disclose their PHI
Privacy Officer
HIPAA rules state we must designate someone to be responsible for assuring compliance with the regulations.
Our Privacy Officer:
- Tim Regula
- Extension 37448
- Via e-mail at privacyoffice.com
Privacy Compliance
- Notify Privacy Officer or your manager if you become aware of any misuses of PHI
- No retaliation for reporting privacy concerns
- Inappropriate misuse of PHI may result in formal disciplinary action as outlined in the employee handbook
- Regulations contain both criminal and civil penalties for privacy violations
Summary
HIPAA is a federal law which:
- Sets standards we must comply with to protect patient information
- Gives patients new rights
- Includes penalties for violating patient confidentiality regulations
Aultman is committed to protecting patients' privacy by complying with the regulations.
Quality patient care includes protecting patient information.
Protecting patient information is everyone's responsibility.
Post Test
1. Why is patient privacy important?
2. Information generated in the course of treating a patient that identifies that patient as an individual is called?
3. What does the Minimum Necessary Standard describe?
4. Name four methods of safeguarding patient information.
Post Test (cont'd)
5. Friends and family need to be actively involved in the patient's care in order to be considered under the Friends and Family Standard.
   a. True
   b. False
6. It is okay to share patient information among employees if it is for treatment, payment or health care operations.
   a. True
   b. False
7. It is not okay to share specific patient information with your family, teachers and friends.
   a. True
   b. False
Post Test (cont'd)
8. Name Aultman's Privacy Officer is ______
9. Patients must be offered a written Notice of Privacy Practices.
   a. True
   b. False
10. Protecting patient privacy and confidentiality of their health information is ______ responsibility.